Wednesday, September 23, 2009

More government security at its finest: Jury summons

Yesterday, I experienced something that many people are already familiar with: A jury summons.

The paperwork explained that I had been randomly selected from the DMV or voter database (which I am not part of), and asked me to present myself on October 10th at a particular courthouse. It came with apologies, helpful information and a parking permit.

There is only one big problem:
I am not a U.S. citizen, hence not legally allowed to be a juror.

Yes, I could send in the form, with proof of my non-citizenship, and I would be "excused" from this duty.

But that is not the point.

Think for a second what would happen if I "played stupid" and showed up at the requested time and place, California driver's license in hand. Would anybody have checked anything at all? I strongly doubt it. Then continue the thought: what happens to a court case if one of the jurors turns out afterwards to be "ineligible"? IANAL, but "instant mistrial" sounds like a likely outcome.

Lessons here: don't re-use database information for other purposes, especially if the authorization levels are different. Being able to recognize a stop sign is not the same as being able to judge a serial killer.

Sunday, May 31, 2009

Security outsourcing: pigs or chickens?


As luck would have it, I found a picture on a lolcat-related site that illustrates some points better than any presentation I could give.

When asking somebody to manage your security, think about bacon and eggs, and ask yourself: Is this person a pig (committed) or chicken (involved)?

So, when you have the lowest bidder managing your critical systems, don't be surprised to get exactly what you asked for.

Sunday, May 3, 2009

OMG! We are all gone DIE!


Let's take a breather from the "swine flu" craziness, and think things through for a minute.
First off:

Yes, you are going to die.

Life has a 100% mortality rate. This has been proven billions of times before you were born. Anybody who believes they are immortal needs serious counseling.

Now that we have got that unpleasantness out of the way, let me give you some basics of "threat level analysis": in a nutshell, you figure out what is most likely to hurt you based on a self-assessment and on what has happened to others in the past. That gives you a list of what exactly you should be worried about, and how much.

Let's look at the facts that we have available:

This particular "swine flu" "epidemic" has killed less than a dozen people total. Source: CDC

Mortality stats for other causes (Source: NSC; odds are "1 in N"):

Type of Accident or Manner of Injury                                                  | Deaths | One Year Odds | Lifetime Odds
--------------------------------------------------------------------------------------+--------+---------------+--------------
Assault, X85-Y09, Y87.1, *U01                                                         | 18,124 | 16,360        | 210
Assault by firearm, X93-X95                                                           | 12,352 | 24,005        | 309
Assault by sharp object, X99                                                          | 2,097  | 141,396       | 1,817
Other and unspecified means and sequelae, X85-X92, X96-X98, Y00-Y09, Y87.1, *U01      |        |               |
Event of undetermined intent, Y10-Y34, Y87.2, Y89.9                                   | 4,742  | 62,528        | 804
Poisoning, Y10-Y19                                                                    | 3,240  | 91,515        | 1,176
Hanging, strangulation, and suffocation, Y20                                          | 139    | 2,133,144     | 27,418
Drowning and submersion, Y21                                                          | 242    | 1,225,236     | 15,749
Firearm discharge, Y22-Y24                                                            | 221    | 1,341,661     | 17,245
Exposure to smoke, fire, and flames, Y26                                              | 120    | 2,470,892     | 31,760
Falling, jumping, or pushed from a high place, Y30                                    | 69     | 4,297,204     | 55,234
Other and unspecified means and sequelae, Y25, Y27-Y29, Y31-Y34, Y87.2, Y89.9         | 711    | 417,028       | 5,360
Ignition or melting of nightwear, X05                                                 | 6      | 49,417,844    | 635,191
Ignition or melting of other clothing and apparel, X06                                | 97     | 3,056,774     | 39,290


There you have it.

You are more likely to be killed by your own pajamas or an asteroid than by this flu.

You don't need a mask, you need fireproof pajamas and a safety helmet.


P.S.: Get one for the kids as well.

Wednesday, April 1, 2009

Biz Stone reads my post!

Techcrunch reports on an email being sent to specific twitter accounts:

We’re going to discontinue autofollow because this behavior
sends the wrong message. Namely, it is unlikely that anyone can
actually read tweets from thousands of accounts which makes
this activity disingenuous.

Biz Stone, Co-founder
Twitter, Inc.

This is exactly what I have been saying recently about the "followers bubble". I've had others agree with me, while some (not to be named here) call out that it wasn't my place to say how they should use twitter. You're right. I have no control or jurisdiction over your twitter accounts. But the twitter exec staff sure does.

Yes, during my happy-dance, I did realize that this new policy will only affect those few accounts using the twitter-implemented auto-follow, and do nothing for those who use external tools for this. But one can hope that this becomes a stricter policy, and I've got a solution for that, too:

Biz, because you are such a nice guy, here is my free twitter monetisation strategy for you:

Relate the number of people you can follow to a pricing tier.

Think of the benefits:
  1. Keep the auto-followers under control, without needing to heuristically blacklist accounts.
  2. Only celebrities, companies and spammers are impacted, and they all got money.
  3. ...
  4. Profit!

This is possibly going to stir up some emotions, but think about this:
If you can honestly say "I think this person is interesting, so I am going to follow what they have to say", then why would you refuse to pay e.g. 1 cent per month for the privilege?

Tuesday, March 17, 2009

You are all special! That's why you ride the short bus to school!

Don't you just love these little notifications from twitter when you have a "new follower"?
Doesn't it make you feel all fuzzy and warm inside?

That's cool.

Are you starting to assess your self-worth by the number of followers you have?

Do you "follow" people just so they might follow you?

Do you "follow" people just because they follow you?

That's retarded.

And if you have a script in place that does the automatic "follow who follows me" for you...
that makes you the retard that pees in the public pool.

Here's why:

The number of followers is not a score. It's a statistic. Like "minutes used on your phone plan" or "number of claimed dependents". Changing that number doesn't make you more or less cool. Changing your behavior just to change the number is stupid.

The entire "raison d'être" is to post status messages. So that people who think you are interesting can see what you are doing or thinking. So they "follow" you. But: there is a limited amount of information that a human can possibly read and comprehend in any given 24h period.

Ergo: With every additional person you "follow" the average "attention value per followed person" decreases.

In other words:
If you follow more than a few dozen people at the same time, you are a fraud.

What else would you call promising people to give attention, and then ignoring them?

Of course, the auto-follow is evil squared.

This is telling people "You are so special to me, I will subscribe to everything you say. But I can't be bothered to read it. Or even click a button to send this message. Also, here's my affiliate link to herbal viagra."

Yes, this is my new pet peeve, because it destroys the emerging ecosystem. I have seen spam bots with dozens to thousands of followers, and interesting people with only a handful of followers. Do you see what's going on here?

I do find some enjoyment in the fact that the people who are complaining most about receiving twitter spam are those who are at the root cause of it. Karma can be a bitch.

"Why so serious?" Because I am one of those old geeks who remembers the days when you could actually post an email address online without it being spammed to death within hours. These days, spam traffic is the bulk of all email. Can we learn from mistakes, please?

Monday, March 2, 2009

My email address was: 2:293/608.23

Yes, really.

While looking for some older post I once made, I discovered one of the first I ever made.
At least on the internet. It was 1995. That's roughly a decade and a half worth of life on the tubes that Google searched through, in the blink of an eye.

Impressive, but people forget that life did not start with this "internet" stuff.

Before that, I used "FidoNet". Its logo was this:


                   __
                  /  \
                 /|oo \
                (_|  /_)
                 _`@/_ \    _
                |     | \   \\
                | (*) |  \   ))
   ______       |__U__| /  \//
  / FIDO \       _//|| _\   /
 (________)     (_/(_|(____/

Yes, younglings, that's a logo, from the days when a "GIF image" was a state-of-the-art extravagance (which required switching to another application). And just in case you are wondering, that's a dog holding what we used to call a "floppy". Not the fancy-schmancy 3.5 inch hard-plastic kind, but the good old "five and a quarter" slab of floppiness.

Those were the days of booting up an XT, firing up a "fancy" editor to type in your email, "packing" it, "tossing" it, firing up the modem, listening patiently for it to connect (you could diagnose many connection problems by listening to the "handshake sounds"). Then off your mail went, and if you were really lucky, there was a zipped email waiting for you at your provider's location. Mail was routed organically, and could take several days to travel across continents. "Discussion group" posts could take a couple of days to reach everybody in the country. And attachments, although technically possible, would get you flogged by every "sysop" along the route.

The good old days... men were men, women didn't exist. Modems were big enough to stop a bullet for you (maybe even a runaway bull). And had blinking lights!

What it did not have were things like "the wayback machine" or "archive.org" to act as a historian of all these years of content. There is no way to ever find the text of my first shy post again. Or the "really funny joke" about the carrot and the nurse. Or the discussions that founded some companies or architecture setups that are still in use today.

"All the moments will be lost in time, like tears in the rain."


Now get off my lawn!

Tuesday, February 10, 2009

Half a car?




I saw this zipping by me on highway 101.
Does anybody have an idea what this is? An escape pod?

Monday, February 9, 2009

It takes a governmental agency to be this security clueless!

Recently, I had to look up something on a website run by a local college. Of course, the site broke (the pages did not load within the session timeout), so I fired off an email to their listed support address.

Here is what I got back:


Auto-Reply

We have received your email enquiry. Please try one or more of the suggested solutions below. Web help is available Monday through Friday 8am - 4:00pm (not available weekends and holidays). If you reply to this email, please provide your full name, Soc. Sec. No., birthdate, and your current address.

Quick help



New Applicants: you will be able to login to the WebAdvisor one business day after you have submitted your application.

Step-by-step Web Registration Instructions:

http://(removed)/spring09/fullSchedule.pdf


Account Lock-out:

Wait 10 minutes and try again

Password and login help:

If necessary, please go to the WebAdvisor web page and select "What is my User ID?" from the Student Menu. Provide the required information to obtain your User ID.
Then select "What's my password" from the Student Menu.
Select "I don't remember my password" and provide the required information.
A new password will be emailed to you.

Password must be 6 to 9 characters in length and include both letters and numbers, no special characters

If you are still having problems, please contact the appropriate
Admissions & Records Office
(Contact Information removed here)

Thanks


Class assignment: List all security violations in this reply, discuss.
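As an added worked example for one item on that list (not part of the original post), this measures the password space the auto-reply's "6 to 9 characters, letters and numbers, no special characters" rule actually allows. It assumes the alphabet is A-Z, a-z and 0-9, and the guess rate used at the end is a constructed figure, not a measurement:

```python
from math import log2

# Assumed character classes: the auto-reply says "letters and numbers", so
# A-Z, a-z and 0-9 are taken as the whole alphabet (62 symbols).
LETTERS = 52
DIGITS = 10


def policy_keyspace(min_len: int, max_len: int, require_both: bool = True) -> int:
    """Count the passwords a letters-and-digits policy accepts.

    With require_both=True every password must contain at least one letter
    and at least one digit, so the all-letter and all-digit strings are
    subtracted (inclusion-exclusion over the alphanumeric alphabet).
    """
    alphabet = LETTERS + DIGITS
    total = 0
    for n in range(min_len, max_len + 1):
        count = alphabet ** n
        if require_both:
            count -= LETTERS ** n  # strings containing no digit
            count -= DIGITS ** n   # strings containing no letter
        total += count
    return total


def bits(keyspace: int) -> float:
    """Entropy in bits of a password drawn uniformly from the keyspace."""
    return log2(keyspace)


def worst_case_days(keyspace: int, guesses_per_second: float) -> float:
    """Days an exhaustive offline search needs at a constructed guess rate."""
    return keyspace / guesses_per_second / 86400


def compare_policies() -> dict:
    """The college's 6-9 character rule against the same alphabet with a 16-character cap."""
    stated = policy_keyspace(6, 9, require_both=True)
    longer = policy_keyspace(6, 16, require_both=False)
    return {
        "stated_bits": round(bits(stated), 1),
        "longer_bits": round(bits(longer), 1),
        # how many candidates the "must include both" rule removes
        "removed_by_rule": policy_keyspace(6, 9, False) - stated,
    }


if __name__ == "__main__":
    for key, value in compare_policies().items():
        print(f"{key}: {value}")
    # 1e10 guesses/s is a constructed rate for an offline search, not a measurement
    print("worst-case days at 1e10/s:", round(worst_case_days(policy_keyspace(6, 9), 1e10), 1))
```

The 9-character ceiling bounds the whole space at roughly 2^53 regardless of how carefully a user chooses, and the composition rule only trims the all-letter and all-digit strings; raising the cap does far more than adding rules.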

Thursday, January 15, 2009

On Kafka and child porn


Interesting application of child porn laws:

In the Pennsylvania case, a school official seized the phone of one of the boys after he was caught using it during school hours in violation of a school rule, according to local police Capt. George Seranko. The official found the picture on the phone, and after some interrogation, discovered that two other girls had also e-mailed photos of themselves in the nude to friends. That's when the school called police, who obtained search warrants to seize the phones and examine them. Police showed the images to the local district attorney, who recommended they bring charges.


I've seen this happening so many times: An ambitious politician creates a law "for the good of the children" and before you know it people with pitchforks are setting libraries on fire.

Imagine this:
You are alone in your room. You look at yourself naked in the mirror. You take a picture of yourself, and you are instantly a sex offender, branded for life. Any friends you send it to instantly are, too.

Or...

Two kids having consensual sex. Legally. They can invite kids of their own age to watch. Or even join in. When they watch through a window, they are legally OK. When they watch using a webcam, they are all instant sex offenders.


Or how about... you are surfing myspace and stumble across a profile page of a teen posting nude pictures of him/herself. Yes, that teen would be in violation of (amongst other things) the TOS. But your browser still dutifully downloads and stores the offending JPG. From then on, any computer forensics package run on your PC will provide the proof to convict you of possession of child porn.

Personally, I don't know what is scarier these days. The "evil hackers on the internet" or the "knights that protect us".

One group will try to rip you off and steal your money. The other can take away your home, your freedom, and custody of your kids.